Netgate Discussion Forum

    HAProxy ACL Rules Get Merged Incorrectly?

    pfSense Packages

      carpenike

      I'm trying to build out the config on this blog (http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate), but it appears that the acl rules getting generated from the GUI do not match his configuration.

      I don't have my generated configuration handy (will post later today), but it appears that when you build the handful of acl rules on each of the shared frontends and use the 'NOT' option, the merged ruleset treats the entire ACL as 'NOT' rather than individual ACL rules.

      Specifically the sections that seem to be applied incorrectly are in this section of his tutorial:

      Name: WAN_443_HTTPS
      Description: HTTPS
      Shared Frontend: Yes
      Primary Frontend: WAN_443
      Backend Server Pool: WAN_HTTPS
      Access Control lists:
      
      NAME=acl EXPR=Custom NOT=no VALUE=req.ssl_hello_type 1
      NAME=acl EXPR=Custom NOT=yes VALUE=req.ssl_sni -m end -i .vpn.example.com
      NAME=acl EXPR=Custom NOT=yes VALUE=req.ssl_sni -m end -i .ssh.example.com
      
      

      Hopefully that makes sense… If I could import my own config it'd likely be no problem, as his config is published here (https://gist.github.com/jpawlowski/3f91ef9d0bba49eb0c58) and seems to make logical sense to me.

      Should I be expecting this type of behavior?

      Thanks,
      Ryan
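
The three ACL rows above, modelled as an added example (not part of the original post and not the pfSense HAProxy package's code) to show how far the routing decision moves if the NOT flag is applied to the merged condition instead of to each row. The generated configuration is not on this page, so the `negate_all` and `negate_whole` modes are assumed readings of the behaviour described; the sample hellos are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:
    fetch: str    # "req.ssl_hello_type" or "req.ssl_sni"
    value: str
    negate: bool  # the GUI's per-row NOT setting

    def matches(self, hello: dict) -> bool:
        if self.fetch == "req.ssl_hello_type":
            return hello["hello_type"] == int(self.value)
        # "-m end -i": case-insensitive suffix match on the SNI
        return hello["sni"].lower().endswith(self.value.lower())

# The three rows listed for the WAN_443_HTTPS shared frontend.
WAN_443_HTTPS = [
    Acl("req.ssl_hello_type", "1", False),
    Acl("req.ssl_sni", ".vpn.example.com", True),
    Acl("req.ssl_sni", ".ssh.example.com", True),
]

MODES = ("per_rule", "negate_all", "negate_whole")

def selects_backend(hello: dict, acls: list, mode: str = "per_rule") -> bool:
    """True if the connection would be sent to the WAN_HTTPS pool."""
    hits = [a.matches(hello) for a in acls]
    if mode == "per_rule":      # intended:  a !b !c
        return all(h != a.negate for h, a in zip(hits, acls))
    if mode == "negate_all":    # assumed reading 1:  !a !b !c
        return not any(hits)
    if mode == "negate_whole":  # assumed reading 2:  !(a b c)
        return not all(hits)
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample connections (hello_type 0 = not a TLS ClientHello).
SAMPLES = [
    {"hello_type": 1, "sni": "www.example.com"},
    {"hello_type": 1, "sni": "office.VPN.example.com"},
    {"hello_type": 1, "sni": "git.ssh.example.com"},
    {"hello_type": 0, "sni": ""},
]

def routing_table() -> dict:
    return {h["sni"] or "<no hello>":
            {m: selects_backend(h, WAN_443_HTTPS, m) for m in MODES}
            for h in SAMPLES}

if __name__ == "__main__":
    for sni, row in routing_table().items():
        print(f"{sni:26} {row}")
```

Comparing the `use_backend` condition in the generated haproxy.cfg against the `per_rule` column shows which reading, if any, the GUI actually produced.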
